White House Moves to Deploy Claude Mythos in Federal Agencies

A model that internally identified thousands of zero-day vulnerabilities across every major operating system and browser is now being positioned for government-wide deployment. Federal Chief Information Officer Gregory Barbaccia sent a memo to Cabinet departments this week announcing that the White House Office of Management and Budget is establishing guardrails to authorize use of Claude Mythos by major federal agencies. The notice, first reported by Bloomberg and detailed by CSO Online, did not name specific agencies or commit to a rollout timeline.

The memo's language was deliberately cautious. Barbaccia wrote that the OMB is "working closely with model providers, other industry partners, and the intelligence community to ensure the appropriate guardrails and safeguards are in place before potentially releasing a modified version of the model to agencies." That phrase, "modified version," is doing significant work. Anthropic launched Claude Mythos Preview on April 7 through Project Glasswing, a controlled-access program limited to select technology and financial organizations, and the company has explicitly stated it has no plans to release the model to the general public.

Those capabilities are not hypothetical. In internal testing, Claude Mythos located thousands of previously unknown vulnerabilities spanning major operating systems and browsers. For a practitioner thinking about artificial intelligence in offensive and defensive security operations, that profile cuts both ways: the same capability that helps a defensive team find gaps before adversaries do can also lower the barrier for exploitation. The dual-use tension is exactly why the memo's references to intelligence community coordination matter more than the access announcement itself.

The regulatory picture

There is a notable split running through this story. While civilian agencies are being positioned to receive access, the Department of Defense's supply-chain risk designation against Anthropic, issued on March 3, remains legally in force. The D.C. Circuit declined to stay that designation on April 8, keeping Anthropic barred from defense contracts even as the OMB moves in the opposite direction on the civilian side. Neither the White House nor Anthropic responded to requests for comment before publication, CSO Online reported.

This civilian-versus-defense split reflects a broader challenge governments face when trying to govern frontier artificial intelligence: risk classifications do not travel cleanly across agency boundaries. A model deemed too risky for defense procurement can simultaneously be considered essential for civilian vulnerability management or critical infrastructure review. No current artificial intelligence act or domestic policy framework has cleanly resolved that tension.

Meanwhile, for practitioners tracking the commercial picture, Mashable reports that Anthropic shipped Claude Opus 4.7 on April 16, now the company's most capable publicly accessible model. Opus 4.7 is not a diluted Mythos: it is a general-purpose hybrid reasoning model targeting agentic coding, complex multi-step reasoning, and vision tasks. On SWE-Bench Verified it scores approximately 87.6%; on SWE-Bench Pro, 64.3%.

According to Financial Express, users can hand off long-running, minimally supervised coding work to Opus 4.7 that previously required close oversight, and it is available at the same price as Opus 4.6 through Claude.ai, the API, and partners including Amazon Bedrock and Microsoft Foundry. Keeping Mythos behind controlled-access walls while shipping Opus 4.7 publicly lets Anthropic advance general capabilities without relaxing the hard boundary around the model whose primary distinguishing feature is finding vulnerabilities at scale.

What the government deployment would actually look like remains genuinely unclear. The OMB memo references a modified version, but specifics around fine-tuning scope, inference environment, output filtering, and audit logging are not public. For security practitioners evaluating this, the assurance model matters as much as the capability model: a system that can find thousands of zero-days needs documented constraints on what it can do with that knowledge once operating inside federal networks.

Timing matters here too. Claude Opus 4.7 dropped April 16. Mythos Preview launched April 7. The OMB memo arrived in that same two-week window. Checking the broader AI model release calendar shows just how compressed the current development cycle has become, and how quickly policy is being asked to keep pace with capability.

The real question for federal CIOs is not whether guardrails can be built, but whether they can be verified before deployment at scale. Announcing access is easy; demonstrating that a modified Mythos behaves consistently within defined security boundaries across heterogeneous agency environments is the hard problem no memo can solve in advance.

Questions readers ask

What is Claude Mythos and why is it restricted?
Claude Mythos is Anthropic's frontier cybersecurity model, launched April 7 under Project Glasswing. In internal testing it found thousands of zero-day vulnerabilities across major operating systems and browsers. Anthropic restricted it to select organizations because its offensive capabilities create dual-use risks that broad public access would amplify.

How does Claude Mythos differ from Claude Opus 4.7?
Opus 4.7 is Anthropic's general-purpose public model, optimized for agentic coding, multi-step reasoning, and vision tasks, with an 87.6% score on SWE-Bench Verified. Mythos is a specialized model focused on cybersecurity with capabilities Anthropic deemed too risky for general release. They serve different use cases and operate under different access policies.

Can defense agencies access Claude Mythos under this announcement?
No. The Department of Defense's supply-chain risk designation against Anthropic from March 3 remains in force after the D.C. Circuit refused to stay it on April 8. The OMB memo covers civilian agencies only, creating an unusual split within the federal government.

What does "modified version" mean in the OMB memo?
The specific scope has not been disclosed publicly. It likely involves output filtering, constrained system prompts, or other guardrails limiting the model's ability to generate directly exploitable attack material. The assurance dimensions required for a defensible federal deployment remain undefined in public documents.